Separate Internet service for Guest Wireless

Hi all,
I was reading about security concerns having guest wireless sharing the corporate Internet services and therefore looking towards the path where a separate basic Internet service can be provided for them keeping the corporate side safe.
In doing that what I was thinking would be the way:
Extend the Guest Wireless VLAN from the core switch where the SVI is currently at to the new ADSL router's Inside interface. And in doing that I will need to configure the ADSL router for the right DHCP scope and DNS entries and finally remove the SVI from the core switch so it simply does switching across to this ADSL service.
Let me know if I am on the right track or if I am missing something.
Regards!

Hi George,
It is a simple setup with just one controller, and the WLC is talking to the ISE to authenticate, including the web auth login for the guest.
So to answer your question, I think no, the WLC doesn't push the guest to the DMZ. The guest VLAN is hanging off the core switch at the moment and using their corporate Internet service.
I hope the above answered your doubts. Cheers!

Similar Messages

  • Printing Solutions for Guest Wireless

    So this is something that has been bouncing around the forums for a year or two now.  I have failed to come up with a "best-of-breed" approach that meets the strict security requirements of a government department.
    The scenario is this - the wireless platform is based around centralised Wism controllers in a datacentre and an anchor controller (for guest wireless) in a dmz, we have WCS to manage the components including the Lightweight Access-Points (mainly Cisco 1142N's) with a Cisco NGS to act as both hotspot and as the client credentials RADIUS authority. it works great except for printing which simply isn't currently an option.
    The solution services a wide number of geographic locations - all members of the one guest SSID and mobility group.  Since clients that connect to this are effectively DMZ'd and only able to connect to the internet, I am struggling to find a practical way to provide printing specific to each geographic site without going for a cloud service such as "Drop-box", or "PrinterON" 
    Has anyone out there in the Community come up with any innovative approaches to this conundrum?  If so please join the conversation

    Hi, I've encountered the same issue. Did you find a solution?

  • Parameter to internet service for transaction

    hi All,
    I have created a new ztransaction(report transaction) which has some parameters. I have created the internet service for this and also tested it. It's working fine
    I want to know how to pass parameters to this service via url .
    thanks and Regards,
    Swapna

    is it integrated ITS or standalone?
    check this weblog
    Pass Parameter to ITS URL: /people/durairaj.athavanraja/blog/2004/09/23/pass-parameter-to-its-url-upadated-21st-june-2008
    Regards
    Raja

  • We traded our home internet service for a Sprint Hot Spot.  The hot spot does not have an ethernet port to connect through.  Can we connect our time capsule to the wireless hot spot?

    Hello, we switched our home internet service from an ethernet modem to a wireless hot spot. 
    Do you know if there is a way to connect our time capsule to the hot spot? 
    Everything I read only suggests connecting through an ethernet cable.  I'm hoping there is a way to do this.
    Any help would be appreciated!
    Thanks!!!

    No you can't join a wireless hotspot with a Time Capsule directly via its 'join' option (tried and failed - well to be exact it kinda works but the Time Capsule's ethernet ports no longer work).
    What you can do is buy an airport express and use its 'join' option to connect to the iPhone's hotspot. Then you connect the airport express via ethernet to the time capsule (in bridge-mode).
    You can then connect your computers to the time capsule via ethernet or use its wireless function to set up wireless network (with a different name to that of the hotspot) that your wifi stuff can connect to.
    Thingi

  • ASA5510 base config for guest wireless network

    Hello
    I am partitioning off my guest wireless traffic out a new connection.
    I have a WISM and a 5508 controller. The WISM will anchor the subnets to the specific controller.
    AP - WISM - 5508 - FW - Cable link - Internet
    Can anyone assist in implementing a base config so only traffic originating inside can get out, nothing from outside getting in.
    The external link will be via cable and I want to configure their static on my outside int,
    Where would be the best place to ratelimit the subnet(s)?
    sMc       

    ip access-list 10 permit ip 172.16.16.0 255.255.255.0 eq 80
    ip access-list 10 permit ip 172.16.16.0 255.255.255.0 eq 443
    These are router configurations and would not work on the ASA.  To do this the ACL config would need to look like this:
    access-list LAN extended permit tcp 172.16.16.0 255.255.255.0 any eq 80
    access-list LAN extended permit tcp 172.16.16.0 255.255.255.0 any eq 443
    access-group LAN in interface inside
    Keep in mind that you can change the ACL name (LAN) to anything you want it to be.  You could apply the ACL in the outbound direction but this is very unusual to do on the ASA and I do not suggest doing it unless you have a specific reason for doing so.
    Also, to make sure this subnet has no access to inside services, what would be needed?
    Not exactly sure where you are going with this.  Is this subnet also located on the inside interface? or on a different interface?
    If it is located on a different interface, then all you have to do is either give it a lower security level than that of the inside interface (let's say 90 for example), or add an ACL that denies traffic to the inside network subnet and then under that rule have an entry permitting traffic to any.
    Keep in mind that the ACLs are checked top to bottom and there is an implicit deny any rule at the bottom of all ACLs.  If this ASA is version 8.3 or higher the implicit deny can be seen in the global ACL in the ASDM.
    Please remember to rate and select a correct answer
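
The top-to-bottom evaluation and implicit deny described in the answer above, as an added Python example (not code from the thread and not ASA software): a first-match model of an ACL applied inbound on the guest interface, with a check for rules that an earlier entry makes unreachable. The 10.0.0.0/8 inside range and the sample host addresses are assumptions; security levels and stateful return traffic are not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")
GUEST = ipaddress.ip_network("172.16.16.0/24")  # guest subnet used in the thread
INSIDE = ipaddress.ip_network("10.0.0.0/8")     # assumed corporate range (not from the thread)


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every protocol, else "tcp" or "udp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int] = None   # destination port; None matches any port

    def matches(self, proto, src, dst, port):
        return (self.proto in ("ip", proto)
                and ipaddress.ip_address(src) in self.src
                and ipaddress.ip_address(dst) in self.dst
                and (self.port is None or self.port == port))


def evaluate(acl, proto, src, dst, port):
    """First matching entry wins; (action, index), index None = implicit deny."""
    for index, rule in enumerate(acl):
        if rule.matches(proto, src, dst, port):
            return rule.action, index
    return "deny", None


def shadowed(acl):
    """Indexes of entries fully covered by an earlier entry, so never reached."""
    hits = []
    for index, rule in enumerate(acl):
        for earlier in acl[:index]:
            if (earlier.proto in ("ip", rule.proto)
                    and rule.src.subnet_of(earlier.src)
                    and rule.dst.subnet_of(earlier.dst)
                    and (earlier.port is None or earlier.port == rule.port)):
                hits.append(index)
                break
    return hits


# Order given in the answer: deny the inside subnet first, then permit any.
ORDERED = [Rule("deny", "ip", GUEST, INSIDE), Rule("permit", "ip", GUEST, ANY)]
# Same two entries reversed: the deny is never evaluated.
REVERSED = [Rule("permit", "ip", GUEST, ANY), Rule("deny", "ip", GUEST, INSIDE)]
# Port-restricted ACL: anything that is not tcp/80 or tcp/443 hits the implicit deny.
WEB_ONLY = [Rule("permit", "tcp", GUEST, ANY, 80), Rule("permit", "tcp", GUEST, ANY, 443)]

if __name__ == "__main__":
    guest = "172.16.16.50"  # constructed sample host
    flows = [("tcp", guest, "10.1.1.10", 445), ("tcp", guest, "203.0.113.10", 443),
             ("udp", guest, "203.0.113.53", 53)]
    for name, acl in (("ORDERED", ORDERED), ("REVERSED", REVERSED), ("WEB_ONLY", WEB_ONLY)):
        print(name, "unreachable entries:", shadowed(acl))
        for flow in flows:
            print("  ", flow, "->", evaluate(acl, *flow))
```
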

  • Setting up webauth for guest wireless access

    Hi there,
    I'm trying to set up guest wireless access.  having no experience with this at all, I'm beginning to struggle.
    Equipment:
    2x 3850 stacked and acting as one switch running 03.06.00E
    4x 1602E AP's registered to the WLC running on the 3850
    The infrastructure is sound and corporate wireless access works ok.
    I need a config that allows a guest user to connect to the guest SSID, DHCP an address, then when they open a browser, they are automatically redirected to a splash screen for them to log on. Once they log on with the supplied username and password they are then forwarded to whatever site it is they wish to go to;  So far my config looks like this (removed unnecessary parts for brevity);
    Building configuration...
    user-name test
     creation-time 1414684496
     privilege 0
     password 7 051F031C35
     type network-user description test guest-user lifetime year 0 month 0 day 0 hour 23 minute 59 second 4
    aaa new-model
    aaa authentication login aaa_guest_webauth local
    aaa authentication login local_login local
    aaa authorization exec local_authorise local
    aaa authorization network guest_authorisation local
    aaa authorization credential-download default local
    aaa session-id common
    switch 1 provision ws-c3850-24t
    switch 2 provision ws-c3850-24t
    service-template webauth-global-inactive
     inactivity-timer 3600
    service-template DEFAULT_LINKSEC_POLICY_MUST_SECURE
    service-template DEFAULT_LINKSEC_POLICY_SHOULD_SECURE
    service-template DEFAULT_CRITICAL_VOICE_TEMPLATE
     voice vlan
    spanning-tree mode pvst
    spanning-tree extend system-id
    hw-switch switch 1 logging onboard message level 3
    hw-switch switch 2 logging onboard message level 3
    parameter-map type webauth global
     virtual-ip ipv4 1.2.3.4
    parameter-map type webauth guest-webauth
     type webauth
     redirect on-success http://www.google.com
     banner text ^CC test text test ^C
     custom-page login device flash-1:login.html
     custom-page failure device flash-1:failed.html
    class-map match-any non-client-nrt-class
    policy-map port_child_policy
     class non-client-nrt-class
      bandwidth remaining ratio 10
    interface VlanXXX
     description "Guest-Access-VLAN"
     ip address 10.x.x.126 255.255.255.128
     ip helper-address x.x.x.x
     ip helper-address x.x.x.x
    line vty 0 4
     exec-timeout 7 0
     authorization exec local_authorise
     login authentication local_login
     transport input ssh
    line vty 5 15
     exec-timeout 7 0
     authorization exec local_authorise
     login authentication local_login
     transport input ssh
    wsma agent exec
     profile httplistener
     profile httpslistener
    wsma agent config
     profile httplistener
     profile httpslistener
    wsma agent filesys
     profile httplistener
     profile httpslistener
    wsma agent notify
     profile httplistener
     profile httpslistener
    wsma profile listener httplistener
     transport http
    wsma profile listener httpslistener
     transport https
    wireless mobility controller
    wlan Wireless-Guest-Access 24 wireless-guest
     client vlan Guest-Access-VLAN
     ip access-group GUEST-ACCESS
     no security wpa
     no security wpa akm dot1x
     no security wpa wpa2
     no security wpa wpa2 ciphers aes
     security web-auth
     security web-auth authentication-list aaa_guest_webauth
     security web-auth parameter-map guest-webauth
     session-timeout 1800
     no shutdown
    ap country GB
    ap group default-group
    ap group BUS-AP-Group
     wlan Wireless-Corporate-Access
      vlan BUS-CORP-DATA-VLAN
     wlan Wireless-Guest-Access
      vlan Guest-Access-VLAN
    end
    I carried out a wireshark trace and can see the dhcp ok, then see DNS queries to the DNS name server and the replies, followed by a TCP SYN to the resolved IP of the website requested - but that's it, there is no SYN ACK reply or redirect to the login page which I have placed on the flash and specified under 'custom-page login' 
    I am under the impression that the way this should work is as follows;
    1. Client connects to SSID and carries out DHCP DORA and is assigned an IP address
    2. open browser on client and carry out name resolution 
    3. once name is resolved, carry TCP three way handshake with requested site (e.g. google)
    4. once three way handshake is completed client carries out an HTTP GET request
    5. WLC holds the response and redirects to the login page
    6. on successful login, original requested page is forwarded to client.
    I can't seem to get a response - even if I remove the ACL.
    Am I heading in the right direction or am I trying to achieve something which is not possible with my setup?
    Cheers

    Also, forgot to say, make sure your files are preceded with webauth for your html and js and web_auth for image files
    38725  -rw-        4265   Nov 4 2014 12:21:28 +00:00  webauth_login.html
    38726  -rw-        6937   Nov 4 2014 12:11:03 +00:00  webauth_aup.html
    38727  -rw-        1356   Nov 4 2014 12:11:30 +00:00  webauth_logout.html
    38728  -rw-         662   Nov 4 2014 12:11:43 +00:00  webauth_failed.html
    38729  -rw-         318   Nov 4 2014 12:11:58 +00:00  webauth_loginscript.js
    38731  -rw-       82940   Nov 4 2014 12:12:28 +00:00  web_auth_image.jpg
    CORE-SW01#sho run | s param
    parameter-map type webauth global
     type webauth
     virtual-ip ipv4 1.1.1.1
     custom-page login device flash:webauth_login.html
     custom-page failure device flash:webauth_failed.html
    parameter-map type webauth guest-webauth
     type webauth
     custom-page login device flash:webauth_login.html
     custom-page failure device flash:webauth_failed.html
     security web-auth parameter-map guest-webauth
    CORE-SW01#

  • Why don't I have internet service for laptop and desktop at the same time

    Time capsule will either provide Internet service to my iMac (hardwired) or my laptop (wireless), but not simultaneously.

    Open Macintosh HD > Applications > Utilities > AirPort Utility
    Click Manual Setup
    Click the Internet icon
    Click the Internet Connection tab
    Connect Using = Ethernet
    Connection Sharing = Share a public IP address
    Click Update to save settings
    Wait a full minute for the Time Capsule to restart, then check the network again.

  • ISE Custom AUP for Guest Wireless

    Hi All,
    I am trying to setup Guest wireless using Cisco ISE for the first time.  Under Multi-Portal Configurations, i was hoping to be able to edit the DefaultGuestPortal profile so that I could change the wording of the AUP from Cisco's Blurb.  Can anyone point me in the direction where I can do this?  The only alternative I can see is to create a new portal from scratch.
    Cheers
    Brian

    MultiPortal Configurations
    Cisco ISE provides you with the ability to host multiple guest portals in the Cisco ISE server. The Guest user portal has a default Cisco look and feel. These pages are dynamically generated to offer portal features such as change password and self-registration in the Login Screen.
    You can use the Multi-portal configuration to upload set of GUI pages specific to your organization to handle the Login, AUP, Change Password and Self Registration. In order to access an uploaded client portal the guest portal URL must include the name of the portal specified during the upload.
    You can design and upload HTML pages to define new guest portals or replace the default guest portal. These pages must use plain HTML code and must contain form actions that point to the guest portal backend servlets. You must define separate HTML pages for login, acceptable use policy (AUP), the change-password function, and self-registration.
    For Complete Configuration Guide, Please click on below link
    http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_guest_pol.pdf

  • Internet Services For ESS In ECC 6.0

    Hi Gurus,
    Actually I'm trying to find the ESS Internet Services in ECC 6.0. We are planning not to use Web Dynpro appl for the moment and to use ECC 6.0 with integrated ITS using the internet services.
    In ECC 6.0 under the transaction SE80 I'm searching for the following ESS Internet services. But couldn't get that. The services are
    Payslip - PZ11
    Time Statement - PZ04
    Address - PZ02
    Emergency Address - PZ05
    Family Members - PZ12
    Personal data - PZ13
    Prev Employer - PZ28
    whereas I can find the other services under SE80 like
    PZ01, PZ03, PZ24, CATW etc.
    I'm new in this, so detailed answer will be highly helpful.
    Thanks
    Anirban

    Hi Narasimha,
    Thanks a lot for your answers. It is really helpful. But lastly let me ask a question in SE80 we can create or modify HTML templates for the internet services. For these transactions for which i'm not getting through SE80, how can i change HTML layouts.
    Correct me if my understanding is wrong. Points will be given obviously.
    Thanks
    Anirban

  • Web Page for Guest Wireless

    Hi.
    I was wondering if someone could help me with the easiest way to set up a Web Page to control Guest Wireless access on Cisco AP 1130AG.
    I was using PEAP and Dot1x to Active Directory but the messing around required on some clients (namely XP and Vista) means it is not ideal for random and unexpected guests.
    How can I set up an Open Authentication method (or whatever I need) that then defaults to a web page or logon page for access to the network itself? I have seen this in other companies so it must be do-able.
    Just for information a standard WPA2 key for the SSID is insufficient as we want a logon page and user credentials that are changeable.
    I hope someone can help.

    Are you using the AP with a lightweight controller, or standalone (autonomous)?
    The lightweight controllers have this capability. Standalone APs do not.

  • Compatible Internet service for Snow Leopard

    The description of SL states - "Some features require a compatible Internet service."
    Can anyone elaborate? If not, how can I find out?
    Thanks.

    The only "incompatible" internet services are very rare.
    1. For high speed internet, those are in some non-US countries with PPPoA connections that do not provide a simple hardware that gives an IP address dynamically (DHCP) or statically via their internet hardware. A few satellite internet providers also have an incompatible USB high speed modem. Most have an ethernet modem, and/or PPPoE support which is supported by Mac OS X directly. For those with a USB modem that has no ethernet, special drivers may be necessary, or support only exists if you have virtualization*:
    http://www.macmaps.com/macosxnative.html#WINTEL
    2. Pretty much all dialup internet providers if you have a USB 56k modem work with Mac OS X.
    - * Links to my pages may give me compensation.

  • Web Based Registration for Guest Wireless Access

    I just started a project to make a guest wireless network available at every site in my enterprise.  Guest wireless networks are currently available at some sites.  Two key goals of this project are to enable WPA/WPA2 encryption and to develop a web based registration/authentication solution.  All of the sites have a mixture of 1230, 1240, and 1250 autonomous access points.  What do I need to do/get in order to make this happen?

    You should get a WLC and upgrade the 1240 and 1250 and replace the 1230's if they are in remote sites.
    The WLC has a Webauth feature that is great. You can define users on the WLC also if you wish.
    Guest access should always be open authentication with the use of a Webauth page. This makes it easy and you won't have to help manage guest access. Autonomous ap's and to have a splash page will require a 3rd party software or you can use a Cisco NAC guest server.
    Search for Cisco Wireless Guest Access or Webauth and you will see many docs on this type of setup.
    Sent from Cisco Technical Support iPhone App

  • Separate internet gateway for a given vlan

    In my scenario, I have a layer 3 switch acting as my core/root bridge/vtp server for around 30 vlans. On it I've defined the gateway of last resort to be the lan IP address of my internet firewall. I've brought in a new internet connection and new firewall that I will eventually use as a replacement. I've created a new vlan and put the new firewall in it. Before I change the gateway of last resort on my core switch to be the new firewall, is it possible for me to select a particular vlan, vlan 25 for example, and configure it to use the new firewall as its internet gateway for testing?

    Not sure what firewall you have, do not do layer 3 for this vlan on the core router. Create a layer 2 link between the new firewall and the core router. Define the test vlan default gateway as a virtual IP on the firewall on the vlan say 10.100.0.1.
    Then on the clients on the new vlan just point them to this 10.100.0.1 as default. On the new firewall just do a static route for 0.0.0.0 to the internet.

  • Can I use my wireless house WiFi with a Kindle Fire or do I need to buy an internet service for it

    Can I use my house WiFi with a Kindle Fire or do I need to buy a WiFi package like a cell phone has for a Kindle Fire

    wifi allows you to connect to a router.  You still need an internet provider to source your content.

  • Internet boost for guest house

    I'm currently living in a guest house in Los Angeles. The owner has allowed me to use his wireless internet for free. The only problem is it's very slow and sometimes doesn't load images or pages at all. And forget videos. According to the air traffic control widget the strength is generally 35-42. He is a software engineer so he isn't dumb when it comes to this stuff. His router is G strength. Is there anything I can do to make the signal stronger? Any hardware or software out there? I could obviously just get my own but free internet is better than 40 dollar time warner or a 60 dollar a month 3g card.

    Tyler,
    Well, you'll want to use the "Manual Setup" configuration path.... but I am getting ahead of myself.
    I wouldn't bother connecting it all up when it first comes. Instead, just plug it into the handiest AC outlet. Give it time to boot itself up, and then look for it in your Macbook Pro's Airport menu. It will show up as a generic "Apple Network xxxxxxxx." Connect to it.
    Once connected, open Airport Utility (which you have found). After a bit of "thinking," your AE will show up at the left side of the Airport Utility window. Yeah, in sort of a "source list." Surprised?
    You'll see the "Manual..." button. Click it. Don't get lost or overwhelmed. There are 5 "panes" available in the Toolbar, and each "pane" has multiple "tabs." I'll just touch on the highlights, pertinent to you:
    Airport>Base Station- OK, you must name your AE. Don't get confused; this is the name of your device (kind of like your computer name. Actually, exactly like your computer name!). Set a password, too. Again, no confusion; this is the password to access your device, not the password for the network (which we'll get to). I recommend you check "Remember this password in my Keychain." Yeah. Uncheck "Allow setup over WAN." You don't explicitly have to, but it is my recommendation.
    Airport>Wireless- Yes, you want to create a network. Give it a name; this is its "SSID," and it is what you'll see in your MBP's Airport menu. Enable the "N" protocol, of course, and I recommend "WPA2 Personal" for the security protocol. Now you can set the password needed to connect to this wireless network, aaaaaaaand, another item for your Keychain. Choose your wireless options (I like "closed" networks, which do not broadcast the SSID for all to see).
    Internet>Internet Connection- Important for you, this is where you adjust the "Connection Sharing" setting to.... "Off." As you'll see, this is parenthetically called "Bridge Mode." Ha! In this mode, the other panes are irrelevant.
    The other panes, tabs, options, blah, blah, blah are interesting, and I have no doubt you will explore them. Have fun on your own. The important points are covered above. When you have it set to your satisfaction, click the "Update" button. This will upload your settings to the AE, causing it to reboot. Let it do so. Then, you can unplug it, move it to its semi-permanent location and connection to the router, and plug it in again. Once it boots up, you'll be up and running.
    Oh, and did you figure out on your own how it will "combine" with the current network name? In short, it won't. It will create a new wireless network, with an entirely different name (SSID). Nevertheless, it will in fact be a part of the same network. Think of it as a radio station that broadcasts on both FM and AM, simultaneously (you remember AM, don't you?). Same station, different channel.
    Scott
